Why Your Passwords Suck

Let’s face it: passwords are a necessity. But, your passwords probably suck and I will tell you why.

They are too old
They are reused
They are too simple

Why it matters

Data breaches are all too common today. It is very likely that your password, for at least one website, has been compromised. The problem with that is someone can access your account and possibly spend your money on themselves. Even if they don’t directly spend your money they can get to your friends and family and try to get them to spend money. The loss of a password can cost you money. If they get your email password they can get to other sites. You will lose access to your email and possibly other sites. Do you see where this is going? The loss of a password can be catastrophic. It is really difficult to prevent the loss of a password. That will come from a data breach, but you can minimize the impact.

Your passwords are too old

How often should you change your password? Once a year is good, but quarterly is best. By changing your password quarterly you are less likely to have any particular account compromised. It is a lot of work to keep up with all your sites, but at least change the ones that have your banking or credit card information. Also be sure to change your email account password regularly. You can think of that as your anchor account. It is how you manage the passwords on other accounts. Protect it with frequent changes.

You use the same password in multiple sites

Don’t do that! Really don’t use your email password anywhere else. If one password is compromised then hackers will try that password on multiple sites to see if it works. By using the same password you are making it easier for them to steal from you. They are already trying really hard, but it is your job to make it harder.

Your passwords are too simple

I know it is easy to remember Password as your password. But, that is the first thing every hacker tries. It is also easy to remember your name, your birthday and your address, but those are easy targets for hackers. Make your passwords complex and long. It could be as simple as P@s5W0rdP@s5W0rd. I simply doubled the password to make it longer and changed some of the letters to special characters and numbers. You can use a phrase like “my Amazon password” and change it to MyAm@z0nP@55w0rd. Also make your password as complex as the site allows. If you can use lower case, upper case, numbers and special characters then use them all. Your password should be as random as possible. How can you possibly remember all these different long and complex passwords and keep changing them? You can’t. You need to use a password manager.

What is a Password Manager?

Simply it is a utility that remembers your password for websites and email systems. Most browsers have them built in and some will now even offer suggestions for randomized passwords. The problem is if you want to use a website from a different browser, a different computer or your phone you won’t have the password. Google does sync from chrome to all your devices as long as you log in. Apple also has iCloud Keychain which you can set up, but if you are using a mixed environment then these solutions don’t work.

What should you use?

There are loads of password managers out there. Tom’s Guide does a review of the latest and greatest. They aren’t all free, but one of these should meet your needs. Pick one and use it religiously. I use KeePass. Tom’s guide says it is “Great — if you’re highly technical” and, I agree. It can be used on Windows, Chromebook, Android and Apple. But, it does require some setup and manual syncing. You can sync using Box, OneDrive or Google Drive. With any password manager your passwords are kept safe from others, but are always available to you. Although the family plan of LastPass does allow you to share passwords or make them available to trusted others. LastPass is not free anymore with sync across all platforms. If you just use one platform it might be right for you. It is simple to set up and transparent to use.

Now what?

Get a password manager and start changing your passwords. Then change them on a regular basis. Even better, if the site allows it, enable two factor authenication. That will use a second method such as a text to your cell phone to confirm you are really you. Expect that companies will be hacked and be ready for them!